Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable. Date published : 2021-06-11 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege. Date published : 2021-06-11 https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/ https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege. Date published : 2021-06-11 https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/ https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6
An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications. Date published : 2021-06-11 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6
Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory. Date published : 2021-06-11 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6
Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege. Date published : 2021-06-11 https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/ https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6
Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device. Date published : 2021-06-11 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6
A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution. Date published : 2021-06-11 https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6
A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write. Date published : 2021-06-11 http://packetstormsecurity.com/files/163198/Samsung-NPU-npu_session_format-Out-Of-Bounds-Write.html https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=6
Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information. Date published : 2021-06-11 https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5
An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files. Date published : 2021-06-11 https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5
Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log. Date published : 2021-06-11 https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5
Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component. Date...
Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information. Date published : 2021-06-11 https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=5